Cisco Secure Client Vulnerability Allows CRLF Injection Attacks
Key Information
- Vendor
- Cisco
- Status
- Cisco Secure Client
- Vendor
- CVE Published:
- 6 March 2024
Badges
Summary
The vulnerability CVE-2024-20337 in Cisco Secure Client allows for CRLF injection attacks, potentially enabling an attacker to access sensitive information or execute arbitrary code in a user's browser. Exploiting this vulnerability could lead to the attacker obtaining a valid SAML authentication token, which they could use to establish a remote access VPN session with the affected user's privileges. While there are currently no known exploitations of this vulnerability, Cisco has released updated versions of Secure Client to address this flaw.
Affected Version(s)
Cisco Secure Client = 4.9.00086
Cisco Secure Client = 4.9.01095
Cisco Secure Client = 4.9.02028
News Articles
Britec Computer Systems CVE-2024-20337Cyber Threat Landscape: A Look at Cisco’s CVE-2024-20337 Patch
Unveil the threat of CVE-2024-20337 with Cisco’s Secure Client flaw. Learn how to secure your VPN sessions and protect against potential hijacking.
6 months ago
Spiceworks CVE-2024-20337CVE-2024-20338Cisco Patches VPN Hijacking Bug - Spiceworks
Cisco has released patches for a critical vulnerability that enabled VPN hijacking in its Secure Client software. Find out more.
6 months ago
The Final Hop CVE-2024-20337Understanding CVE-2024-20337: A Deep Dive into Cisco's Latest Patch
The Critical Flaw in Cisco's Secure Client Cisco has taken significant steps to mitigate a high-severity vulnerability in its Secure Client software, identified as CVE-2024-20337. With a CVSS score of 8.2, this flaw allowed for a carriage return line feed (CRLF) injection attack, representing a sop...
6 months ago
CVSS V3.1
Timeline
- 👾
Exploit exists.
Vulnerability started trending.
First article discovered by Help Net Security
Vulnerability published.
Vulnerability Reserved.